Information disclosure in 850 EVO - CVE-2018-12038
Published: November 7, 2018
Vulnerability identifier: #VU15756
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-12038
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Samsung
Affected software:
850 EVO
Detailed vulnerability description
The vulnerability allows a physical attacker to obtain potentially sensitive information on the target system.
The weakness exists because key information is stored within a wear-leveled storage chip. A physical attacker can update a key with a new password and access a previous version of the key (either unprotected, or with an old password), negating the need to know the updated password.
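The following is an added illustration, not code from the vendor or from this advisory: a simplified model of out-of-place writes on wear-leveled storage, showing why superseded key blobs stay readable at the physical level unless they are erased. The class, the function names, the blob layout and the XOR-based key wrap are all assumptions made for the example.

```python
import hashlib

KEY_LBA = 0  # hypothetical logical address of the key blob


class WearLeveledFlash:
    """Toy flash translation layer: every write lands on a fresh physical page."""

    def __init__(self, pages):
        self.phys = [None] * pages  # physical page contents
        self.l2p = {}               # logical address -> live physical page
        self.next_free = 0          # garbage collection is not modelled

    def write(self, lba, data, purge_old=False):
        old = self.l2p.get(lba)
        self.phys[self.next_free] = data  # out-of-place write
        self.l2p[lba] = self.next_free
        self.next_free += 1
        if purge_old and old is not None:
            self.phys[old] = None         # models erasing the superseded copy

    def read(self, lba):
        return self.phys[self.l2p[lba]]

    def stale(self):
        live = set(self.l2p.values())
        return [d for i, d in enumerate(self.phys) if d is not None and i not in live]


def wrap(dek, password):
    """Toy key wrap: XOR with a PBKDF2-derived key (its own inverse)."""
    kek = hashlib.pbkdf2_hmac("sha256", password, b"constructed-salt", 1000, len(dek))
    return bytes(a ^ b for a, b in zip(dek, kek))


def key_history(purge_old):
    """Store a key unprotected, then re-wrap it twice; report what survives."""
    flash = WearLeveledFlash(pages=8)
    dek = bytes(range(32))  # constructed sample data-encryption key
    flash.write(KEY_LBA, b"PLAIN" + dek, purge_old)
    flash.write(KEY_LBA, b"WRAP:" + wrap(dek, b"old-password"), purge_old)
    flash.write(KEY_LBA, b"WRAP:" + wrap(dek, b"new-password"), purge_old)
    stale = flash.stale()
    exposed = any(blob[5:] == dek for blob in stale)  # unprotected copy left behind
    old_pw_works = any(wrap(blob[5:], b"old-password") == dek for blob in stale)
    return flash.read(KEY_LBA)[:5], len(stale), exposed, old_pw_works
```

In both runs the logical read returns only the newest wrapped blob; the difference is whether the two superseded physical copies remain, which is the condition the description above refers to.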
How to mitigate CVE-2018-12038
Install updates for the vulnerable products from vendors' websites.